FOCA (Fingerprinting Organizations with Collected Archives)

FOCA is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analysed with FOCA. It is capable of analysing a wide variety of documents, the most common being Microsoft Office, Open Office or PDF files, although it also analyses Adobe InDesign or SVG files, for instance. These documents are searched for using three possible search engines: Google, Bing and DuckDuckGo. The sum of the results from the three engines amounts to a lot of documents. It is also possible to add local files to extract the EXIF information from graphic files, and a complete analysis of the information discovered through the URL is conducted even before downloading the file.

Releases
Check here our latest releases.

Requisites
To run the solution locally the system will need:
Microsoft Windows (64 bits), versions 7, 8, 8.1 and 10.
Microsoft .NET Framework 4.7.1.
Microsoft Visual C++ 2010 x64 or greater.
An instance of SQL Server 2014 or greater.

Notes
When starting the app the system will check if there is a SQL Server instance available. If none is found, the system will prompt a window for entering a connection string.

Stay tuned
Get the news about our latest doings and send us a message. https://twitter.com/Fear_the_Foca

Further reading …

IoT-Implant-Toolkit is a framework of useful tools for malware implantation research on IoT devices. It is a toolkit consisting of essential software tools for firmware modification, serial port debugging, software analysis and stable spy clients. With an easy-to-use and extensible shell-like environment, IoT-Implant-Toolkit is a one-stop-shop toolkit that simplifies the complex procedure of IoT malware implantation. In our research, we have successfully implanted Trojans in eight devices including smart speakers, cameras, driving recorders and mobile translators with IoT-Implant-Toolkit. A demo video below:

How to use
Installation
Make sure you have git, python3 and setuptools installed. For audio processing and playing, you should install alsa (built-in in Linux), sox and ffplay. On Ubuntu 18.04:
$ sudo apt install sox ffmpeg
Download the source code from our GitHub:
$ git clone https://github.com/arthastang/IoT-Implant-Toolkit.git
Set up the environment and install dependencies:
$ cd IoT-Implant-Toolkit/
$ python3 setup.py install

Run
Run the toolkit:
$ python3 -B IoT-Implant-Toolkit.py
…

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit. For use with Kali Linux and the Penetration Testers Framework (PTF).

Lee Baird @discoverscripts
Jay "L1ghtn1ng" Townsend @jay_townsend1
Jason Ashton @ninewires

Download, setup, and usage
git clone https://github.com/leebaird/discover /opt/discover/
All scripts must be run from this location.
cd /opt/discover/
./update.sh

RECON
1. Domain
2. Person
3. Parse salesforce
SCANNING
4. Generate target list
5. CIDR
6. List
7. IP, range, or domain
8. Rerun Nmap scripts and MSF aux
WEB
9. Insecure direct object reference
10. Open multiple tabs in Firefox
11. Nikto
12. SSL
MISC
13. Parse XML
14. Generate a malicious payload
15. Start a Metasploit listener
16. Update
17. Exit

RECON
Domain
RECON
1. Passive
2. Active
3. Import names into an existing recon-ng workspace
4. Previous menu

Passive uses ARIN, dnsrecon, goofile, goog-mail, goohost, theHarvester, Metasploit, URLCrazy, Whois, multiple websites, and recon-ng.
Active uses dnsrecon, WAF00W, traceroute, Whatweb, and recon-ng.
[*] Acquire API keys for Bing, Builtwith, Fullcontact, GitHub, Google, Hashes, Hunter, SecurityTrails, and Shodan for maximum results with recon-ng and theHarvester.

API key locations:
recon-ng
show keys
keys add bing_api <value>
theHarvester
/opt/theHarvester/api-keys.yaml
…

yet another dirbuster

Common command line options
-a <user agent string> – specify a user agent string to send in the request
-c <http cookies> – use this to specify any cookies that you might need (simulating auth).
header.
-f – force processing of a domain with wildcard results.
-l – show the length of the response.
-r – follow redirects.
-s <status codes> – comma-separated set of the list of status codes to be deemed a "positive" (default: 200,204,301,302,307).
-u <url/domain> – full URL (including scheme), or base domain name.
-v – verbose output (show all results).
-w <wordlist> – path to the wordlist used for brute forcing.
-b <token> – HTTP Authorization via Bearer token.
-P <password> – HTTP Authorization password (Basic Auth only, prompted if missing).
-U <username> – HTTP Authorization username (Basic Auth only).

Install
cargo install rbuster

Install in Kali
apt install libssl-dev pkg-config
cargo install rbuster

Example
$ rbuster -w common.txt -u http://horriblesubs.info/
Rbuster 0.1.0 Vadim Smirnov
=====================================================
Url/Domain : http://horriblesubs.info/
Wordlist : common.txt
Words : 4593
=====================================================
/thanks (Status: 301 Moved Permanently | Content-Length: 0)
/the (Status: 301 Moved Permanently | Content-Length: 0)
/ro (Status: 301 Moved Permanently | Content-Length: 0)
/robot (Status: 301 Moved Permanently…

An XMLRPC brute forcer targeting WordPress, written in Python 3. In the context of xmlrpc brute forcing, it's faster than Hydra and WPScan. It can brute force 1000 passwords per second.

Usage
python3 xmlrpcbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt username
python3 xmlrpcbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt userlist.txt

Bugs
If you get an xml.etree.ElementTree.ParseError: did you forget to add 'xmlrpc' in the url? Try to add or remove 'https' or 'www'.
I'm working on the Exception Handling. Will fix it soon.

Screenshot
Download…

Dirstalk is a multi-threaded application designed to brute force paths on web servers. The tool contains functionalities similar to the ones offered by dirbuster and dirb. Here you can see it in action:

How to use it
The application is self-documenting: launching dirstalk -h will return all the available commands with a short description, and you can get the help for each command by running dirstalk <command> -h, e.g. dirstalk result.diff -h

Scan
To perform a scan you need to provide at least a dictionary and a URL:
dirstalk scan http://someaddress.url/ --dictionary mydictionary.txt
As mentioned before, to see all the flags available for the scan command you can just call the command with the -h flag:
dirstalk scan -h
Example of how you can customize a scan:
dirstalk scan http://someaddress.url/ --dictionary mydictionary.txt --http-methods GET,POST --http-timeout 10000 --scan-depth 10 --threads 10 --socks5 127.0.0.1:9150 --cookie name=value --use-cookie-jar --user-agent my_user_agent --header "Authorization: Bearer 123"
Currently available flags:
--cookie stringArray       cookie to add to each request; eg name=value (can be specified multiple times)
-d, --dictionary string    dictionary to use for the scan (path to local file or remote url)
--header…

Set of tools for security testing of Internet of Things devices using protocols like: CoAP, DTLS, HTCPCP, mDNS, MQTT, SSDP.

Installation:
Simply clone the code from git: https://github.com/Samsung/cotopaxi

Requirements:
Currently Cotopaxi works only with Python 2.7.x, but future versions will also work with Python 3. If you have a previous installation of scapy without scapy-ssl_tls, please remove it or use a venv.

Installation of main libraries:
scapy-ssl_tls (this will also install scapy 2.4.2)
pip install git+https://github.com/tintinweb/[email protected]

Common problems:
If you encounter the error error: [Errno 2] No such file or directory: 'LICENSE', try repeating the command – surprisingly it works.
If you encounter the error NameError: name 'os' is not defined, add the missing import os to scapy/layers/ssl_tls.py.

All other required packages can be installed using the requirements.txt file:
pip install -r cotopaxi/requirements.txt
Manual installation of other required packages:
pip install dnslib IPy hexdump pyyaml psutil enum34 configparser

Disclaimer
Cotopaxi toolkit is intended to be used only for authorized security testing! Some tools (especially vulnerability tester and protocol fuzzer) can cause some devices or servers to stop acting in the intended way — for example leading to crash or hang of tested entities or flooding with network traffic another entities. Make sure you have permission from the owners of tested devices or…

IDA PRO Auto-Renaming Plugin With Tagging Support

Features
1. Auto-renaming dummy-named functions which have one API call or jump to the imported API.
[screenshots: Before / After]
2. Assigning TAGs to functions according to the API-indicators called inside. Sets tags as repeatable function comments and displays the TAG tree in a separate view.
[screenshots of the TAGS view]
[screenshot: how TAGs look in unexplored code]
You can easily rename a function using its context menu or just by pressing the n hotkey.

Installation
Just copy auto_re.py to the IDA plugins directory and it will be available through the Edit -> Plugins -> Auto RE menu.

Download…

Gobuster is a tool used to brute-force:
URIs (directories and files) in web sites.
DNS subdomains (with wildcard support).
Virtual Host names on target web servers.

Oh dear God.. WHY!?
Because I wanted:
… something that didn't have a fat Java GUI (console FTW).
… to build something that just worked on the command line.
… something that did not do recursive brute force.
… something that allowed me to brute force folders and multiple extensions at once.
… something that compiled to native on multiple platforms.
… something that was faster than an interpreted script (such as Python).
… something that didn't require a runtime.
… to use something that was good with concurrency (hence Go).
… to build something in Go that wasn't totally useless.

But it's shit! And your implementation sucks!
Yes, you're probably correct. Feel free to:
Not use it.
Show me how to do it better.

Love this tool? Back it!
If you're backing us already, you rock. If you're not, that's cool too! Want to back us? Become a backer! All funds that are donated to this project will be donated to charity. A full log of charity donations will be available in this repository as they are processed.

Changes in 3.0
New CLI options so modes are strictly separated (-m is now gone!)
Performance optimizations and better connection handling
Ability to bruteforce vhost names
Option to supply custom HTTP headers

Available Modes
dir – the…

RITA is an open source framework for network traffic analysis. The framework ingests Bro/Zeek logs in TSV format, and currently supports the following major features:
Beaconing Detection: search for signs of beaconing behavior in and out of your network
DNS Tunneling Detection: search for signs of DNS based covert channels
Blacklist Checking: query blacklists to search for suspicious domains and hosts

Automatic Installation
The automatic installer is officially supported on Ubuntu 16.04 LTS, Security Onion*, and CentOS 7.
Download the latest install.sh file from the release page.
Make the installer executable: chmod +x ./install.sh
Run the installer: sudo ./install.sh
Please see the Security Onion RITA wiki page for further information pertaining to using RITA on Security Onion.

Manual Installation
To install each component of RITA by hand, check out the instructions in the docs.

Upgrading RITA
See this guide for upgrade instructions.

Getting Started
System Requirements
Operating System – The preferred platform is 64-bit Ubuntu 16.04 LTS. The system should be patched and up to date using apt-get.
Processor (when installed alongside Bro/Zeek) – Two cores plus an additional core for every 100 Mb of traffic being captured (three cores minimum). This should be dedicated hardware, as resource congestion with other VMs can cause packets to be dropped or missed.
Memory – 16GB minimum. 64GB if monitoring 100Mb or more…